CVE-2015-5220 — MEDIUM (5.0)

Q: How severe is CVE-2015-5220?

CVE-2015-5220 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5220?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Wildfly Application Server.

Vulnerability Description

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	<= 6.4.3
Redhat	Jboss Wildfly Application Server	<= 2.0.0

Related Weaknesses (CWE)

CWE-119

References

http://rhn.redhat.com/errata/RHSA-2015-1904.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1905.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1906.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1907.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1908.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1519.htmlPatchVendor Advisory
http://www.securitytracker.com/id/1033859Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1255597Issue TrackingVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1904.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1905.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1906.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1907.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1908.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1519.htmlPatchVendor Advisory
http://www.securitytracker.com/id/1033859Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-5220?

CVE-2015-5220 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) ...

How severe is CVE-2015-5220?

CVE-2015-5220 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5220?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Wildfly Application Server.